Share this:

If you are a criminal and trying to steal things then breaking the law in other ways is unlikely to concern you. To me such a statement seems obvious, but apparently it isn’t – and I’m not just talking about cyber-criminals here.

Share this:

Since the Internet is nearly out of IPv4 addresses, people are finally getting serious about using IPv6. As people start deploying IPv6 we will find new bugs and loopholes that crooks can exploit. Holes like this one that mean that a bot on a network could act as the "man in the middle" for everyone else nearby.

Share this:

This is a follow up to the previous post where we noted the emergence of a new 'conficker'-like threat. Thanks to research by our colleagues at Shadowserver it looks like the threat is actually more closely related to the Waledac/Storm worm malware rather than conficker, however that does not stop us from blocking it.

Over the last couple of days we've seen an increasing number of outbound DNS queries to ip addresses on our block lists - principally to ones on the DShield 4000. Since the destination servers are frequently in China and the subscribers have little to do with China this looks unlikely to be genuine traffic. It is however somewhat suggestive of Conficker and other similar fastflux DNS malware which "call home" via a DNS lookup to some randomly generated subdomain of an otherwise apparently genuine domain. The DNS lookup resolves (usually) to a fastflux intermediary that communicates with the botmaster, The DNS server itself is generally not 'bad' per se but it will be under the control of the cyber crooks because they have to feed it the zone changes so frequently and this level of activity would raise a flag in any legitimate DNS hosting service.

Share this:

Researchers at TrendMicro - and elsewhere - have identified changes to the infamous ZeuS trojan and how it is propagated. The new method involves another piece of malware named Licat, which uses techiques pioneered by the "conficker" worm to try and contact its Command and Control hosts. When Licat successfully finds a C&C host it downloads a new variant of ZeuS from them.